[14PacRimLPolyJ223] The Private Sector Amendment to Australia's Privacy Act: A First Step on the Road to Privacy

Abstract:

Global and national transfers of personal information and data
protection laws meant to regulate such transfers will have a significant impact on the
growing Internet. Yet vastly different philosophies on how to protect individuals'
personal information from theft or misuse by the private sector have led to very different
regulatory models throughout the world. In the industrialized world, the European
Union's approach, a universally applicable, comprehensive data protection law,
occupies one end of the regulatory spectrum, while a self-regulatory scheme like the
United States' stakes out the other end. Australia's Private Sector Privacy Act
Amendment ("2000 Amendment") lies somewhere in between. Australia's 2000
Amendment has been called "co-regulatory" or "light touch" regulation partly because
it was meant to allay citizens' increasing privacy concerns, yet not impose a significant
regulatory burden on industry.
Australia's Private Sector Privacy Bill was touted as an innovative compromise
between costly state regulation and ineffective self-regulation. However, some of the
concessions made in the name of flexibility and de-regulation have resulted in a weak
regulatory scheme that produces inconsistent and ineffective information privacy
protection. In particular, the small business exemption and the limited enforcement
mechanisms weaken the 2000 Amendment so much as to call into question whether
Australia's information privacy law is merely a baby step away from self-regulation
rather than a happy medium on the regulatory scale. If the 2000 Amendment is to
provide Australians with the substantive privacy protections it sets forth, legislators
should fix two flaws in the next round of private sector privacy regulation. First, they
should close or phase out the small business exemption. Second, in order to give effect to
the substantive provisions of the Amendment, the law should allow more effective
enforcement by using a system of appropriate penalties that escalate according to the
degree of non-compliance. These changes would provide more thorough protection of
Australians' privacy, yet would not reduce the benefits derived from the "co-regulatory"
model.